Ireland’s economic growth is expected to slow down in the coming months, primarily due to the looming imposition of US President Donald Trump’s tariffs. The 25% tariff aimed at EU imports will be particularly significant given the country’s thriving pharmaceutical industry, with Galway alone hosting the headquarters of major companies like Aerogen and Chanelle Pharma.
These tariffs may cause Ireland to experience a fiscal shock. The country heavily relies on global trade, particularly when it comes to exporting pharmaceutical goods to the US. According to Reuters, President Trump has criticised pharmaceutical goods in particular for creating a ‘massive’ trade surplus that deters the profitability of US drugmakers, making it likely for his tariffs to specifically target products like these. Because the industry contributes a significant amount of the country’s tax revenue, the Central Bank of Ireland (CBI) reduced its forecast for modified domestic demand from 3.1% to 2.7%, highlighting it as the key marker for the country’s overall economic performance.
As in other parts of the region, these developments pose significant risks for Ireland’s financial sector. US tariffs are expected to exacerbate inflation, slow the job market, and even heighten the industry’s cybersecurity risks. These predictions have seen other central banks, like the Bank of England, cut interest rates to shield their economies from their potential effects. Back at home, the CBI is going a step further by significantly updating its framework for supervising the country’s financial institutions.
Introduced in February, the new framework aims to help firms enhance their overall resilience amid a ‘heightened risk environment,’ which the CBI notes is characterised by market volatility caused by the current ‘uncertain’ geopolitical situation. Here’s how the bank’s new strategy compares to its old 2011 PRISM framework and what firms can do to reap the benefits of these changes as global trade conditions fluctuate.
Reviewing 2011’s PRISM framework
The now-retired Probability and Risk Impact System, or PRISM, framework was used to supervise the country’s financial firms more comprehensively and maintain its overall economic stability. Designed to mimic similar frameworks leveraged by the likes of the UK’s Prudential Regulation Authority, it allowed the CBI to support institutions in mitigating risks as soon as they were detected.
Though designed to facilitate efficient resource allocation and assess risks in a consistent and systematic manner, PRISM has previously been criticised for overlooking the more unique, nuanced risks facing smaller firms compared to larger institutions. In some cases, the CBI would assign higher PRISM ratings to certain entities and disproportionately affect these entities over others.
Galway-Roscommon TD Michael Fitzmaurice has accused the CBI of crucifying credit unions, which often provide the most accessible financial services in rural Ireland, simply due to the size of their operations. In limiting their lending thresholds, the CBI hampered firms with fewer resources than larger, multinational banks. That resulted in credit unions falling from 461 to 209 between 2011, when PRISM was introduced, and 2019.
Further analysis from the law firm RDJ LLP pinpointed that PRISM could also be unnecessarily harsh on financial institutions. Across the 40 settlements the CBI entered between 2016 and 2020, only 15% of the cases arose from risks self-reported by firms. Despite this proactiveness, these firms were still subjected to the same fines as firms that remained non-compliant, with the average penalty amounting to over €1.3 million—an amount that may be seen as discouraging future self-reporting efforts.
Due to these factors, PRISM was criticised for stifling growth in the financial sector to maintain stability through strict regulation, something that could have similarly hindered Ireland’s overall economic growth amid today’s volatile market conditions. To prevent the recurrence of such an outcome, the CBI has opted to completely replace the framework. Today, its more balanced approach to risk management aims to help financial firms better weather the shocks expected to come from upcoming developments like US tariffs.
What the CBI is changing this year
The CBI’s current framework, which was introduced in late February, is comprised of a revised supervisory approach that improves upon PRISM’s weaknesses while retaining its strengths. The new approach primarily aims to achieve four key safeguarding outcomes, among which are ensuring the safety and soundness of a firm’s operations and maintaining the overall stability and integrity of the country’s financial sector. As such, the CBI is taking on a more evolved, holistic approach that aims to account for the complexity of the various services and operations offered and leveraged by financial firms.
Rather than assigning risk ratings based on an organisation’s size alone, for example, the new framework now categorises firms based on the products and services they offer, including bank and payments, insurance, and capital markets and funds. From here, the CBI will directly engage with organisations to provide firm-specific risk assessments, which will allow it to more effectively equalise the supervision of firms regardless of scale.
Institutions with a higher risk rating will receive the support of a dedicated CBI supervision team to mitigate risks. Meanwhile, those believed to have a less significant risk impact will instead be subjected to annual sectoral and cross-sectoral thematic engagements helmed by multi-disciplinary teams from the CBI.
PRISM’s replacement is also more agile in terms of both supervision and enforcement. Thanks to a more gentle approach, supervisory intervention from the CBI won’t immediately result in significant financial penalties that may only increase costs for firms as inflation rises. Instead, the bank will leverage a more comprehensive toolkit that starts with initial communications via ‘Dear CEO’ letters once risks are identified. These can prompt the implementation of risk mitigation programmes. Such programmatic interventions include the aforementioned initiatives, such as direct engagements and firm-specific risk assessments. They will also involve the stringent monitoring and reviewing of the necessary submissions (such as skilled person reports) to ensure firms appropriately manage risk and contribute to maintaining Ireland’s financial stability. Interventions will only escalate to enforcement in cases of non-compliance.
Perhaps more notably, the CBI’s new framework relies on a multi-year supervisory strategy. Refreshed annually, it aims to reflect the latest market developments that pose risks to the country’s financial sector as a whole. In line with this, the bank has and will continue to publish yearly reports that allow it to define and publicise its current set of priorities, which should help firms adjust accordingly. This year, for example, financial institutions will want to focus on the wide-ranging impacts US tariffs will have on Ireland’s overall economy, which may be exacerbated due to its large volume of pharmaceutical exports and ties to the EU. The CBI believes that this vital component of its new framework will allow it to react to market developments in a more timely manner and aid risk mitigation efforts when and where necessary.
How the country’s financial firms can adjust
Compliance with the CBI’s new supervisory framework can begin with equipping a firm’s leaders for the task. Providing Chief Financial Officers (CFOs) with the necessary tools can be particularly vital. That’s especially true given how their roles have expanded in the past decade, with areas like ESG and technology becoming key points of interest for investment. Unfortunately, CFOs and other leading financial professionals in charge of risk management will have to take more into account under the new CBI framework. Firms with a higher risk rating, for example, will have to meet expectations across multiple risk categories when being directly supervised by the CBI, including Business Model & Strategy Risk, Culture, Governance, & Risk Management, Operational Resilience Risk, and Financial Crime Risk. Though not subject to direct supervision, financial firms with a lower risk rating will still have to submit the necessary reports and undergo occasional onsite inspections.
To ensure financial leaders can adequately accomplish these tasks despite their expanded roles, firms can furnish C-suites with regulatory reporting software to streamline their workflows. Wolters Kluwer’s OneSumX tool highlights a scalable solution that can meet the needs of financial firms of any type and size while providing multiple risk management and regulatory reporting functionalities in a single, centralised platform. The suite can project multiple risk types across unlimited scenarios to generate highly granular insights, which can help firms maintain the data integrity needed to accurately self-report risks to the CBI despite changes in its supervision framework.
Firms must also take the necessary steps to react to market developments in a timely manner. As per an EY survey, this includes global trade issues. Tariffs ranked among the top five business risks worrying Ireland’s CFOs this year, with many concerned about their potential impacts on cybersecurity as digital transformation in the country’s financial sector deepens. Combined with Ireland’s current cybersecurity skills gap, US tariffs are expected to completely block accessibility to third-party vendors providing cybersecurity toolkits while raising prices for others. Secure World notes that firms needing to quickly find new vendors may skip the necessary checks to save time, resulting in vulnerabilities that can put the particularly sensitive information required for financial services at risk.
As such, it’s vital to strategically select one’s vendors amid developments like these. In the case of the cybersecurity risks posed by US tariffs, for example, financial firms can look to local suppliers like PlanNet21. Operating out of four offices across the country, including one in Galway, it was recently acquired by the Denmark-based Conscia, allowing it to expand its range of cybersecurity management tools to include solutions that specifically cater to the financial sector. Selecting local and EU-based vendors like this can help firms reduce risk and stay compliant with the CBI’s new requirements while navigating potentially impactful market events.
